Professional Documents
Culture Documents
SPECIAL REPORT:
Trends in
HMI/SCADA
How advanced systems are
simplifying operators ability
to respond to what matters.
Sponsored by
www.controlglobal.com
TABLE OF CONTENTS
13
18
www.controlglobal.com
The present generation of operator graphics uses some of these elements, often hiding
or eliminating numerical values and incorporating retro panel board faceplates, animated bar graphs and dials. But when I pitch these ideas to the boss, he has a straightforward rebuttal: Do we expect our operators to be fighter pilots? Thats a very succinct
way of saying, jazzy new graphics aside, we dont rely on operators for life-or-death
split-second judgments and actions, like one would a pilot in combat. In fact, most
HAZOPs, layer of protection analyses (LOPAs) and alarm philosophies specify allowing
10 minutes for an operator to respond to take credit for an operator intervention. Some
companies require a lot more than 10 minutes, or not at all! Our operators are rocks,
one HAZOP leader told me.
While operators arent supposed to be ready to unleash a Sidewinder missile and shoot
down the enemy in a fraction of a second, they still benefit from a keen awareness of
the state of the process. Most process phenomena are taking place inside opaque piping, vessels and machinery; instrumentation is the only way anyone has a notion of
whats happening. The measurements and indications we deliver to operators monitors
or panel boards constitute their eyes and ears. In the view of ISA 18.2-2009/IEC 62682,
www.controlglobal.com
of variables to monitor.
Shutdown/Disposal
tube. If you wanted to alarm on that measurement, you procured a pressure switch,
calibrated it to actuate at the desired alarm
Trip Indication
Upset
Normal
Upset Indication
Target
Pre-Upset Warning
Off-Target Indication
www.controlglobal.com
needs bulletproof
reliability if we expect
it to alert an operator
who has hundreds or
thousands of variables
to monitor.
is necessary to ensure the alarm is annunciated. As systems move toward architectures where the I/O isnt closely held by
(i.e., wired to) the controllers, autonomous
and deterministic delivery of alarms would
be a measurable benefit.
www.controlglobal.com
A lasting plan
for managing alarms
A well-written alarm philosophy defines procedures that allow your team to
get alarms under control now and for the long haul.
By Ian Nimmo and Stephen Maddox
vendor to help them with their poorly designed and overloaded alarm management system.
Many companies start out on the right track. They hear that standards and guidelines like
EEMUA 191 talk about a lifecycle model, and the first step in that model is an alarm philosophy document. So they pay someone to write an alarm philosophy document, but when its
complete, its useless to the alarm rationalization process because it doesnt tell how to address common issues that can save time and have a very big impact.
An alarm philosophy is a policy with rules and guidelines that can be enforced. An effective
philosophy document will guide the rationalization process and describe procedures that
will keep alarms under control on a continuing basis. The following are the key elements.
www.controlglobal.com
Figure 1: PPCLs CVE tool allows the rationalization team to see the operating envelope, how it
changes based on operations and how the alarms are placed against this variability. Credit: PPCL
ranty if changed.
in a timely manner.
www.controlglobal.com
PV
Normal
Unack
Alarm
process response
without operator action
Ack and
Response
consequence
threshold
Return to
Normal
process response
to operator action
operator takes
timely action
alarm
setpoint
oper
ack
response process
delay
deadtime
delay
alarm
operator takes
latest action
Operator
Response Time
max oper
response
delay
process
deadtime
Time
Max Operator
Response Time
TIME TO RESPOND
Figure 2: Analysis of response must consider the maximum operator delay time. If the operator
doesnt respond within this time, the consequences will be realized. This is critical for determining the
required response time and setting alarm priority. Credit: User Centered Design Services Inc.
www.controlglobal.com
parameter is set to alarm unacknowledged. The response time for the operator
define as detection.
responses.
RATIONALIZATION PROCEDURE
document:
alarm, and may have to use the HMI to determine which of several potential problems
ing procedure:
www.controlglobal.com
ment tools that provide statistical analysis including frequency of alarms, lists of
operator performance.
tool are:
10
www.controlglobal.com
ensure the effectiveness of the rationalization team. We have been on many projects
where only one or two operators are provided. Part way through the week, someone
gets sick and they have to go back, so they
can cover night shift, and youre lost.
To ensure success, the project should be
set up just like any other project that the
company takes on. It should have goals; it
should have identified and confirmed re-
in the alarm response sheet discussed earlier. Where possible, integrate it into a pull-
alarm frequency.
11
www.controlglobal.com
alarm system.
inevitable.
Ian Nimmo is the owner and Stephen Maddox is a human factors design consultant
atUser Centered Design Services, Inc.
12
www.controlglobal.com
eeing is believing, and bringing operational information into the light makes it usable by everyone in an enterpriseallowing them all to make faster, more productive decisions.
This enhanced awareness was especially useful atGE Lighting, which reinvented itself to
transition from manufacturing millions of homogenous, incandescent light bulbs to developing tailored, LED lighting solutions for its many customers.
Similarly, Coca-Cola gained new insights to help further optimize production, while also
taking advantage of cloud-based data gathering, analysis and protection. These experiences were described by Craig Platt, IT director at GE Lighting, and Ioan Batran, automation engineering director at Coca-Cola Refreshments (CCR), in their presentation, Operational Excellence: Improve Data Visibility Across the Enterprise at GEs User Summit in
Orlando, Florida.
Incandescent bulbs were our bread and butter, but now its going to be unlawful to
manufacture them. Fortunately, were prepared on the LED side, but we also had to
combine a 75-year-old business with what is basically a start-up organization, said
Platt. Where lighting used to be a replacement business at the back of the supply chain,
we had to move further up into the supply chain because LED is a fixtures-and-solutions
13
www.controlglobal.com
14
www.controlglobal.com
stakeholder buy-in.
based server.
compare the performance of different machines, added Batean. Next steps include
15
www.controlglobal.com
sible responses:
Todays SCADA is not just monitoring and
Too many alarms
Complexity of processes
Regulatory requirement
an efficient operation.
16
www.controlglobal.com
greater efficiency.
every day.
17
www.controlglobal.com
Understanding and
minimizing HMI/SCADA
system security gaps
By Prasad Pai, GE Digital
eing at the heart of an operations data visualization, control and reporting for operational improvements, HMI/SCADA systems have received a great deal of attention, especially due to various cyber threats and other media-fueled vulnerabilities.
The focus on HMI/SCADA security has grown exponentially in the last decade, and as a result, users of HMI/SCADA systems across the globe are increasingly taking steps to protect
this key element of their operations.
The HMI/SCADA market has been evolving over the last 20 years with functionality, scalability and interoperability at the forefront. For example, HMI/SCADA software has evolved
from being a programming package that enables quick development of an application to
visualize data within a programmable logic controller (PLC) to being a development suite
of products that delivers powerful 3-D visualizations, intelligent control capabilities, data
recording functions, and networkability.
With HMI/SCADA systems advancing technologically and implementations becoming
increasingly complex, some industry standards have emerged with the goal of improving
security. However, part of the challenge is knowing where to start in securing the entire
system.
18
www.controlglobal.com
ware Technology.
security.
COMMUNICATION
SCADA SECURITY IN CONTEXT
ERP
MES
SCADA/HMI
IT Components of an
unauthorized access
and manipulation
of that data. This
HMI/SCADA layer,
PLC/DCS
bleshooting but
also to distribute
the computing
load and elimi-
19
www.controlglobal.com
SOFTWARE TECHNOLOGY
thentication.
Platform Operating System, which have distinct differences when it comes to security.
over a network
cious intent.
compromised.
20
www.controlglobal.com
es, service packs and upgrades, while others choose not to apply any new patches,
terminal, the reality is that HMI/SCADA software capabilities are much more exhaustive.
tors perspective and uses company guidelines throughout the application to ensure
21
www.controlglobal.com
entire system.
software capabilities
their systems.
needs.
amine the local situation, so when components are commanded by the HMI/SCADA
continuous operations.
22
www.controlglobal.com
system security.
IT level.
verification.
FUNDING IN TODAYS
BUSINESS CLIMATE
password.
23
www.controlglobal.com
protect systems. Thats why its important for companies to better understand
www.ge-ip.com/contact www.ge-ip.com
24
GE Digital
DRIVE SMART
OPERATOR DECISIONS
With just a glance, operators can recognize which
information requires attention, what it indicates, and
the right actions to take. Thats the power of GEs high
performance HMI/SCADAenabling operators to transform
business through increased efficiency and reduced costs.